CVE-2020-7491 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2020-7491?

CVE-2020-7491 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-7491?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Tricon Tcm 4351 Firmware, Schneider-Electric Tricon Tcm 4351, Schneider-Electric Tricon Tcm 4352 Firmware, Schneider-Electric Tricon Tcm 4352, Schneider-Electric Tricon Tcm 4351A Firmware.

Vulnerability Description

**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Schneider-Electric	Tricon Tcm 4351 Firmware	>= 10.2.0, < 10.5.4
Schneider-Electric	Tricon Tcm 4351	-
Schneider-Electric	Tricon Tcm 4352 Firmware	>= 10.2.0, < 10.5.4
Schneider-Electric	Tricon Tcm 4352	-
Schneider-Electric	Tricon Tcm 4351A Firmware	>= 10.2.0, < 10.5.4
Schneider-Electric	Tricon Tcm 4351A	-
Schneider-Electric	Tricon Tcm 4351B Firmware	>= 10.2.0, < 10.5.4
Schneider-Electric	Tricon Tcm 4351B	-
Schneider-Electric	Tricon Tcm 4352A Firmware	>= 10.2.0, < 10.5.4
Schneider-Electric	Tricon Tcm 4352A	-
Schneider-Electric	Tricon Tcm 4352B Firmware	>= 10.2.0, < 10.5.4
Schneider-Electric	Tricon Tcm 4352B	-
Schneider-Electric	Tristation 1131 Firmware	>= 1.0.0, <= 4.9.0
Schneider-Electric	Tristation 1131	-

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01Third Party AdvisoryUS Government Resource
https://www.se.com/ww/en/download/document/SESB-2020-105-01/Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01Third Party AdvisoryUS Government Resource
https://www.se.com/ww/en/download/document/SESB-2020-105-01/Vendor Advisory

FAQ

What is CVE-2020-7491?

CVE-2020-7491 is a vulnerability with a CVSS score of 7.5 (HIGH). **VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. Th...

How severe is CVE-2020-7491?

CVE-2020-7491 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7491?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Tricon Tcm 4351 Firmware, Schneider-Electric Tricon Tcm 4351, Schneider-Electric Tricon Tcm 4352 Firmware, Schneider-Electric Tricon Tcm 4352, Schneider-Electric Tricon Tcm 4351A Firmware.